from applications.extensions import db
from datetime import datetime, UTC


# 后台系统管理员模型
class Admin(db.Model):
    __tablename__ = 'admins'
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password = db.Column(db.String(200), nullable=False)  # bcrypt加密存储
    email = db.Column(db.String(120), nullable=True)
    phone = db.Column(db.String(20), nullable=True)
    created_at = db.Column(db.DateTime, default=datetime.now(UTC))
    avatar = db.Column(db.String(255), default="https://img.ixintu.com/download/jpg/20200901/3e9ce3813b7199ea9588eeb920f41208_512_512.jpg!bg")
    nickname = db.Column(db.String(50))
    real_name = db.Column(db.String(50))
    birthday = db.Column(db.Date)  # 改用Date类型
    sex = db.Column(db.Integer)  # 0:未知, 1:男, 2:女
    address = db.Column(db.String(255))
    introduction = db.Column(db.Text)
    status = db.Column(db.Integer, name='admin_status', default=1)  # 0:禁用, 1:启用 2:锁定
    last_login_at = db.Column(db.DateTime)
    last_login_ip = db.Column(db.String(45))
    mfa_secret = db.Column(db.String(16))  # 多因素认证密钥[3](@ref)

    # 关联角色
    roles = db.relationship('Role', secondary='admin_roles', backref=db.backref('admins', lazy='select'))

    def has_permission(self, permission_code):
        for role in self.roles:
            if role.is_active and any(perm.code == permission_code for perm in role.permissions):
                return True
        return False

# 2. 角色表 (Role)
class Role(db.Model):
    __tablename__ = 'roles'
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(64), unique=True)  # 角色名称,管理员、普通管理员
    code = db.Column(db.String(64), unique=True)  # 角色编码,admin, common
    remark = db.Column(db.String(128))  # 备注
    status = db.Column(db.Integer, default=1)  # 状态 1 启用 0 停用
    createTime = db.Column(db.DateTime, default=datetime.now(UTC))  # 创建时间
    updateTime = db.Column(db.DateTime, default=datetime.now(UTC), onupdate=datetime.now(UTC)) # 更新时间
    # 建立与权限的多对多关系
    permissions = db.relationship('Permission', secondary='role_permissions', backref=db.backref('roles', lazy='dynamic'))

# 3. 权限表 (Permission)
class Permission(db.Model):
    __tablename__ = 'permissions'
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(64), unique=True)  # 权限标识名，如 '管理员', '普通用户'
    code = db.Column(db.String(64), unique=True)  # 新增权限标识字段，如 'manage_user', 'view_logs'
    description = db.Column(db.String(128))  # 权限描述
    endpoint = db.Column(db.String(128))  # 可关联到Flask路由端点

# 4. 用户-角色关联表 (多对多)
user_roles = db.Table(
    'admin_roles',
    db.Column('user_id', db.Integer, db.ForeignKey('admins.id'), primary_key=True),
    db.Column('role_id', db.Integer, db.ForeignKey('roles.id'), primary_key=True)
)

# 5. 角色-权限关联表 (多对多)
role_permissions = db.Table('role_permissions',
    db.Column('role_id', db.Integer, db.ForeignKey('roles.id'), primary_key=True),
    db.Column('permission_id', db.Integer, db.ForeignKey('permissions.id'), primary_key=True)
)